CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,780 CVEs tracked | 53,326 with exploits | 4,737 exploited in wild | 1,544 CISA KEV | 3,939 Nuclei templates | 49,027 vendors | 42,690 researchers

42,505 results
CVE-2011-0773 1 PoC Analysis EPSS 0.09
PivotX < 2.2.2 - XSS
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CWE-79 Feb 04, 2011
CVE-2011-0772 2 PoCs Analysis EPSS 0.10
PivotX - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
CWE-79 Feb 04, 2011
CVE-2011-0047 EPSS 0.01
MediaWiki <1.16.2 - XSS
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."
CWE-79 Feb 04, 2011
CVE-2011-0451 EPSS 0.00
Lockon EC-CUBE < 2.4.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Feb 03, 2011
CVE-2011-0741 EPSS 0.00
Modxcms Evolution < 1.0.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.
CWE-79 Feb 02, 2011
CVE-2011-0740 1 PoC Analysis EPSS 0.03
Pleer Rss Feed Reader - XSS
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
CWE-79 Feb 02, 2011
CVE-2010-3854 EPSS 0.02
Apache CouchDB - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Feb 02, 2011
CVE-2010-4718 EPSS 0.00
Lyftenbloggie 1.1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.
CWE-79 Feb 01, 2011
CVE-2011-0735 EPSS 0.01
Adobe ColdFusion < 9.0.1 - XSS
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."
CWE-79 Feb 01, 2011
CVE-2011-0734 EPSS 0.02
Adobe ColdFusion < 9.0.1 - XSS
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier.
CWE-79 Feb 01, 2011
CVE-2011-0733 EPSS 0.02
Adobe ColdFusion - XSS
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file.
CWE-79 Feb 01, 2011
CVE-2011-0096 6.1 MEDIUM EXPLOITED 1 PoC Analysis EPSS 0.70
Microsoft Windows - XSS
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
CWE-79 Jan 31, 2011
CVE-2010-4716 EPSS 0.00
Novell GroupWise <8.02HP - XSS
Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jan 31, 2011
CVE-2010-2779 EPSS 0.00
Novell GroupWise <8.0 SP2 - XSS
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
CWE-79 Jan 28, 2011
CVE-2010-2778 EPSS 0.00
Novell GroupWise <7.0-8.0 - XSS
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
CWE-79 Jan 28, 2011
CVE-2010-4710 EPSS 0.00
YUI <2.9.0 - XSS
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
CWE-79 Jan 28, 2011
CVE-2011-0048 EPSS 0.01
Bugzilla <4.0rc2 - XSS
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI.
CWE-79 Jan 28, 2011
CVE-2010-4570 EPSS 0.01
Mozilla Bugzilla - XSS
Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI.
CWE-79 Jan 28, 2011
CVE-2010-4569 EPSS 0.01
Mozilla Bugzilla - XSS
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
CWE-79 Jan 28, 2011
CVE-2010-4567 EPSS 0.01
Mozilla Bugzilla < 3.2.9 - XSS
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field.
CWE-79 Jan 28, 2011